git.immae.eu Git - perso/Immae/Config/Nix.git/blob - private/ejabberd/default.nix
Add tools
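# NixOS module that deploys an ejabberd XMPP server for immae.fr.
# Accounts are authenticated against LDAP and the SQL backend is PostgreSQL;
# both sets of credentials are written to secret files that the main
# ejabberd.yml refers to by path only.
{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.ejabberd;
in
{
  options.myServices = {
    ejabberd.enable = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable ejabberd service.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    # One certificate covering the host name and every XMPP component domain.
    # It is owned by the ejabberd user/group so the daemon can read the key
    # material in full.pem without any wider file permissions.
    security.acme.certs = {
      "ejabberd" = config.myServices.certificates.certConfig // {
        user = "ejabberd";
        group = "ejabberd";
        domain = "eldiron.immae.eu";
        # Restart after each issuance/renewal so the new certificate is loaded.
        postRun = ''
          systemctl restart ejabberd.service
        '';
        extraDomains = {
          "immae.fr" = null;
          "conference.immae.fr" = null;
          "proxy.immae.fr" = null;
          "pubsub.immae.fr" = null;
          "upload.immae.fr" = null;
        };
      };
    };

    # 5222 is the standard XMPP client-to-server port, 5269 server-to-server.
    # NOTE(review): the listeners themselves (STARTTLS required or not, s2s
    # policy) are defined in ./ejabberd.yml, which is not shown here; confirm
    # that plaintext c2s/s2s is refused there.
    networking.firewall.allowedTCPPorts = [ 5222 5269 ];
    myServices.websites.tools.im.enable = true;

    # Erlang crash dumps can hold process memory, which may include the LDAP
    # and SQL credentials, so they are deleted whenever the service stops.
    # -f is required: on a clean stop no dump exists, the glob stays literal,
    # and a plain `rm` would exit non-zero and make the stop hook fail.
    systemd.services.ejabberd.postStop = ''
      rm -f /var/log/ejabberd/erl_crash*.dump
    '';

    # Secret files, readable only by the ejabberd user (mode 0400).
    # NOTE(review): the passwords are interpolated into Nix strings here.
    # Whether they also end up in the world-readable Nix store depends on the
    # project's `secrets` module, which is not shown; verify that it
    # deploys `text` out of band.
    secrets.keys = [
      {
        dest = "ejabberd/psql.yml";
        permissions = "0400";
        user = "ejabberd";
        group = "ejabberd";
        text = ''
          sql_type: pgsql
          sql_server: "localhost"
          sql_database: "${config.myEnv.jabber.postgresql.database}"
          sql_username: "${config.myEnv.jabber.postgresql.user}"
          sql_password: "${config.myEnv.jabber.postgresql.password}"
        '';
      }
      {
        dest = "ejabberd/host.yml";
        permissions = "0400";
        user = "ejabberd";
        group = "ejabberd";
        # NOTE(review): `ldap_encrypt: tls` only turns encryption on. ejabberd
        # validates the LDAP server certificate only when `ldap_tls_verify`
        # is set (with `ldap_tls_cacertfile`), and it is not set here, so the
        # bind password below is presumably sent to an unauthenticated peer
        # unless the LDAP host is local. Confirm against the deployed
        # ejabberd version and the value of myEnv.jabber.ldap.host.
        # The YAML nesting below is reconstructed from the option names.
        text = ''
          host_config:
            "immae.fr":
              domain_certfile: "${config.security.acme.certs.ejabberd.directory}/full.pem"
              auth_method: [ldap]
              ldap_servers: ["${config.myEnv.jabber.ldap.host}"]
              ldap_encrypt: tls
              ldap_rootdn: "${config.myEnv.jabber.ldap.dn}"
              ldap_password: "${config.myEnv.jabber.ldap.password}"
              ldap_base: "${config.myEnv.jabber.ldap.base}"
              ldap_uids:
                uid: "%u"
                immaeXmppUid: "%u"
              ldap_filter: "${config.myEnv.jabber.ldap.filter}"
        '';
      }
    ];

    # Presumably the "keys" group is what grants access to the directory
    # holding the secret files above; confirm against the secrets module.
    users.users.ejabberd.extraGroups = [ "keys" ];

    services.ejabberd = {
      package = pkgs.ejabberd.override { withPgsql = true; };
      imagemagick = true;
      enable = true;
      ctlConfig = ''
        ERLANG_NODE=ejabberd@localhost
      '';
      # The rendered ejabberd.yml lives in the Nix store, which is readable
      # by every local user. Only *paths* are substituted into it (certificate
      # bundle, CA bundle, the two secret files), never the secrets themselves;
      # keep it that way when extending the template.
      configFile = pkgs.runCommand "ejabberd.yml" {
        certificatePrivateKeyAndFullChain = "${config.security.acme.certs.ejabberd.directory}/full.pem";
        certificateCA = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
        sql_config_file = config.secrets.fullPaths."ejabberd/psql.yml";
        host_config_file = config.secrets.fullPaths."ejabberd/host.yml";
      } ''
        substituteAll ${./ejabberd.yml} $out
      '';
    };
  };
}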